e4f06a7c97
- Adding permission gates on workspaceMember to only allow user with admin permissions OR users attempting to update or delete themself to perform write operations on workspaceMember object - Reverting some changes to treat workflow objects as regular metadata objects (any user can interact with them) - (fix) Block updates on soft deleted records
33 lines
1.4 KiB
TypeScript
33 lines
1.4 KiB
TypeScript
import { WorkspaceQueryHookInstance } from 'src/engine/api/graphql/workspace-query-runner/workspace-query-hook/interfaces/workspace-query-hook.interface';
|
|
import { UpdateManyResolverArgs } from 'src/engine/api/graphql/workspace-resolver-builder/interfaces/workspace-resolvers-builder.interface';
|
|
|
|
import { WorkspaceQueryHook } from 'src/engine/api/graphql/workspace-query-runner/workspace-query-hook/decorators/workspace-query-hook.decorator';
|
|
import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
|
|
import { WorkspaceMemberPreQueryHookService } from 'src/modules/workspace-member/query-hooks/workspace-member-pre-query-hook.service';
|
|
|
|
@WorkspaceQueryHook(`workspaceMember.updateMany`)
|
|
export class WorkspaceMemberUpdateManyPreQueryHook
|
|
implements WorkspaceQueryHookInstance
|
|
{
|
|
constructor(
|
|
private readonly workspaceMemberPreQueryHookService: WorkspaceMemberPreQueryHookService,
|
|
) {}
|
|
|
|
async execute(
|
|
authContext: AuthContext,
|
|
objectName: string,
|
|
payload: UpdateManyResolverArgs,
|
|
): Promise<UpdateManyResolverArgs> {
|
|
await this.workspaceMemberPreQueryHookService.validateWorkspaceMemberUpdatePermissionOrThrow(
|
|
{
|
|
userWorkspaceId: authContext.userWorkspaceId,
|
|
workspaceId: authContext.workspace.id,
|
|
apiKey: authContext.apiKey,
|
|
workspaceMemberId: authContext.workspaceMemberId,
|
|
},
|
|
);
|
|
|
|
return payload;
|
|
}
|
|
}
|